[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 13 20:44:45 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80a507d4 by Salvatore Bonaccorso at 2026-01-13T21:43:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12,7 +12,7 @@ CVE-2026-22791 (openCryptoki is a PKCS#11 library and tools for Linux and AIX. I
NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/785d7577e1477d12fbe235554e7e7b24f2de34b7 (v3.25.0)
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/e37e9127deeeb7bf3c3c4d852c594256c57ec3a8
CVE-2026-22755 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
- TODO: check
+ NOT-FOR-US: Vivotek
CVE-2026-21306 (Substance3D - Sampler versions 5.1.0 and earlier are affected by an ou ...)
NOT-FOR-US: Adobe
CVE-2026-21305 (Substance3D - Painter versions 11.0.3 and earlier are affected by an o ...)
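Review bot: On the CVE-2026-22755 entry, the truncated description ("Improper Neutralization of Special Elements used in a Command ('Comman ...") does not name a product, so the "NOT-FOR-US: Vivotek" attribution cannot be confirmed from this hunk alone. It is worth checking against the full CVE description before merging. The tag format itself matches the neighbouring "NOT-FOR-US: Adobe" line.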
@@ -50,225 +50,225 @@ CVE-2026-21267 (Dreamweaver Desktop versions 21.6 and earlier are affected by an
CVE-2026-21265 (Windows Secure Boot stores Microsoft certificates in the UEFI KEK and ...)
TODO: check
CVE-2026-21226 (Deserialization of untrusted data in Azure Core shared client library ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21224 (Stack-based buffer overflow in Azure Connected Machine Agent allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21221 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21219 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20965 (Improper verification of cryptographic signature in Windows Admin Cent ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20963 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20962 (Use of uninitialized resource in Dynamic Root of Trust for Measurement ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20959 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20958 (Server-side request forgery (ssrf) in Microsoft Office SharePoint allo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20957 (Integer underflow (wrap or wraparound) in Microsoft Office Excel allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20956 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20955 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20953 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20952 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20951 (Improper input validation in Microsoft Office SharePoint allows an una ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20950 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20949 (Improper access control in Microsoft Office Excel allows an unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20948 (Untrusted pointer dereference in Microsoft Office Word allows an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20947 (Improper neutralization of special elements used in an sql command ('s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20946 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20944 (Out-of-bounds read in Microsoft Office Word allows an unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20943 (Untrusted search path in Microsoft Office allows an unauthorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20941 (Improper link resolution before file access ('link following') in Host ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20940 (Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20939 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20938 (Untrusted pointer dereference in Windows Virtualization-Based Security ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20937 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20936 (Out-of-bounds read in Windows NDIS allows an authorized attacker to di ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20935 (Untrusted pointer dereference in Windows Virtualization-Based Security ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20934 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20932 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20931 (External control of file name or path in Windows Telephony Service all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20929 (Improper access control in Windows HTTP.sys allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20927 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20926 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20925 (External control of file name or path in Windows NTLM allows an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20924 (Use after free in Windows Management Services allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20923 (Use after free in Windows Management Services allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20922 (Heap-based buffer overflow in Windows NTFS allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20921 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20920 (Use after free in Windows Win32K - ICOMP allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20919 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20918 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20877 (Use after free in Windows Management Services allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20876 (Heap-based buffer overflow in Windows Virtualization-Based Security (V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20875 (Null pointer dereference in Windows Local Security Authority Subsystem ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20874 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20873 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20872 (External control of file name or path in Windows NTLM allows an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20871 (Use after free in Desktop Windows Manager allows an authorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20870 (Use after free in Windows Win32K - ICOMP allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20869 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20868 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20867 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20866 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20865 (Use after free in Windows Management Services allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20864 (Heap-based buffer overflow in Connected Devices Platform Service (Cdps ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20863 (Double free in Windows Win32K - ICOMP allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20862 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20861 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20860 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20859 (Use after free in Windows Kernel-Mode Drivers allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20858 (Use after free in Windows Management Services allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20857 (Untrusted pointer dereference in Windows Cloud Files Mini Filter Drive ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20856 (Improper input validation in Windows Server Update Service allows an u ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20854 (Use after free in Windows Local Security Authority Subsystem Service ( ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20853 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20852 (Incorrect privilege assignment in Windows Hello allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20851 (Out-of-bounds read in Capability Access Management Service (camsvc) al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20849 (Reliance on untrusted inputs in a security decision in Windows Kerbero ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20848 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20847 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20844 (Use after free in Windows Clipboard Server allows an unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20843 (Improper access control in Windows Routing and Remote Access Service ( ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20842 (Use after free in Windows DWM allows an authorized attacker to elevate ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20840 (Heap-based buffer overflow in Windows NTFS allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20839 (Improper access control in Windows Client-Side Caching (CSC) Service a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20838 (Generation of error message containing sensitive information in Window ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20837 (Heap-based buffer overflow in Windows Media allows an unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20836 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20835 (Out-of-bounds read in Capability Access Management Service (camsvc) al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20834 (Absolute path traversal in Windows Shell allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20833 (Use of a broken or risky cryptographic algorithm in Windows Kerberos a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20832 (Windows Remote Procedure Call Interface Definition Language (IDL) Elev ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20831 (Time-of-check time-of-use (toctou) race condition in Windows Ancillary ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20830 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20829 (Out-of-bounds read in Windows TPM allows an authorized attacker to dis ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20828 (Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20827 (Exposure of sensitive information to an unauthorized actor in Tablet W ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20826 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20825 (Improper access control in Windows Hyper-V allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20824 (Protection mechanism failure in Windows Remote Assistance allows an un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20823 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20822 (Use after free in Microsoft Graphics Component allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20821 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20820 (Heap-based buffer overflow in Windows Common Log File System Driver al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20819 (Untrusted pointer dereference in Windows Virtualization-Based Security ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20818 (Insertion of sensitive information into log file in Windows Kernel all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20817 (Improper handling of insufficient permissions or privileges in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20816 (Time-of-check time-of-use (toctou) race condition in Windows Installer ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20815 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20814 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20812 (Improper input validation in Windows LDAP - Lightweight Directory Acce ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20811 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20810 (Free of memory not on the heap in Windows Ancillary Function Driver fo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20809 (Time-of-check time-of-use (toctou) race condition in Windows Kernel Me ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20808 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20805 (Exposure of sensitive information to an unauthorized actor in Desktop ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20804 (Incorrect privilege assignment in Windows Hello allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20803 (Missing authentication for critical function in SQL Server allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-0859 (TYPO3's mail\u2011file spool deserialization flaw lets local users wit ...)
NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-0684 (The CP Image Store with Slideshow plugin for WordPress is vulnerable t ...)
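Review bot: CVE-2026-21226, the first changed entry in this hunk, is described as a flaw in the "Azure Core shared client library", which is a library rather than a Windows or Office component like the entries below it, so it deserves an explicit check that no source package in the archive ships that code before it is tagged "NOT-FOR-US: Microsoft". Separately, CVE-2026-21265 (Secure Boot certificates in the UEFI KEK), directly above it, stays at "TODO: check" while every entry after it is converted. If that is deliberate, a word in the commit message would make the bulk change easier to audit.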
@@ -870,7 +870,7 @@ CVE-2026-22214 (RIOT OS versions up to and including 2026.01-devel-317 contain a
CVE-2026-22213 (RIOT OS versions up to and including 2026.01-devel-317 contain a stack ...)
NOT-FOR-US: RIOT OS
CVE-2026-22212 (TinyOS versions up to and including 2.1.2 contain a stack-based buffer ...)
- TODO: check
+ NOT-FOR-US: TinyOS
CVE-2026-0514 (Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Conn ...)
NOT-FOR-US: SAP
CVE-2026-0513 (Due to an Open Redirect Vulnerability in SAP Supplier Relationship Man ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a507d4c786ccaf20e6880d9fdcef103ed0814d